Archive for September, 2005

Computerworld | Time for a stand-down review

September 13th, 2005

From the column:

Here are some basic computer security checks you can do for your own stand-down review:

* Do a complete inventory of all managed assets.
* Inventory all installed software and remove unauthorized software.
* Review running server services and remove unnecessary software.
* Inventory security permissions and implement correct security permissions.
* Inventory user accounts and remove unused accounts.
* Review the number of highly privileged accounts and who needs them.
* Review router and firewall access control lists.
* Review password policy and enforce complex passwords.
* Review physical protection of assets.
* Review patch management success.
* Do a spread spectrum analysis on network traffic and review any unexpected protocols.
* Review anti-virus infrastructure success.
* Review e-mail security policy.
* Review small computer security policies for potential management efficiencies.
* Review security automation tool success.
* Review software programming secure coding practices.
* Review backup policies and audit success.

The key is that reviewing and implementing all the things we are always told to do will provide more bang-for-the-buck security than all the expensive, specialized security devices you can purchase.

A good overview of some immediate checks you can do within your environment.

Full Article | Time for a stand-down review

Anonymity online – BBCWorld Clickonline

September 8th, 2005

A good introduction to being more secure and anonymous when online. It covers various ways anonymity can be achieved, over a two-part series (Windows Media Player or RealPlayer required for video).
Part 1 and Part 2.

Another unmentioned and seemingly quite secure method is to use the Tor Network and Onion Routing.

Ouch!: Security Digest

September 6th, 2005

Having been a sans.org user for a long time, I was surprised to find a service I was not aware of: an excellent newsletter service that helps to raise awareness with end users about phishing attacks plus viruses and other malware. It uses real-world examples and current news, keeping it interesting and informative.

Ouch!: Security Digest

Wireless Insecurity – Demonstration

September 6th, 2005

Many are aware that insecure wireless access points are a real danger to an organisation's internal network. So WEP (not very secure) or WPA (much more secure depending on implementation) are enabled and you sleep better at night. These tutorials may just change that. See a demonstration of how easy 128-bit WEP cracking and WPA password attacks really are.

Remote-Exploit.org is a bootable Linux distribution that has some extensive security tools for penetration testing and security assessment.

Spam Assassin – Interview

September 1st, 2005

Getting drowned in spam? Not only does spam cause a loss of productivity, purely from the additional time taken to clear your inbox; it also includes links that are a threat to your operating environment, from phishing attacks to web pages containing malware and spyware.

This article contains some interesting comments on the current state of the fight against spam: The Spam Assassin Behind SpamAssassin

Link to Spam Assassin